From 7d4f36493c8cc6c622ed9946dc581287f324d0f1 Mon Sep 17 00:00:00 2001 From: Dirk Date: Thu, 5 Apr 2018 21:54:25 +0200 Subject: [PATCH] be more verbose what --warnings batch means (see #1027) --- doc/testssl.1 | 4 ++-- doc/testssl.1.md | 2 +- testssl.sh | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/testssl.1 b/doc/testssl.1 index 7698741..8270456 100644 --- a/doc/testssl.1 +++ b/doc/testssl.1 @@ -1,7 +1,7 @@ .\" generated with Ronn/v0.7.3 .\" http://github.com/rtomayko/ronn/tree/0.7.3 . -.TH "TESTSSL" "1" "August 2017" "" "" +.TH "TESTSSL" "1" "April 2018" "" "" . .SH "NAME" \fBtestssl\fR @@ -296,7 +296,7 @@ Security headers (X\-Frame\-Options, X\-XSS\-Protection, \.\.\., CSP headers) \fB\-4, \-\-rc4, \-\-appelbaum\fR Checks which RC4 stream ciphers are being offered\. . .SS "OUTPUT OPTIONS" -\fB\-\-warnings \fR The warnings parameter determines how testssl\.sh will deal with situations where user input will normally be necessary\. There are a couple of options here\. \fBbatch\fR doesn\'t wait for a confirming keypress\. This is automatically being chosen for mass testing (\fB\-\-file\fR)\. \fB\-false\fR just skips the warning AND the confirmation\. Please note that there are conflicts where testssl\.sh will still ask for confirmation\. Those are ones which would have a drastic impact on the results\. The same can be achived by setting the environment variable \fBWARNINGS\fR\. +\fB\-\-warnings \fR The warnings parameter determines how testssl\.sh will deal with situations where user input normally will be necessary\. There are a couple of options here\. \fBbatch\fR doesn\'t wait for a confirming keypress\. This is automatically being chosen for mass testing (\fB\-\-file\fR)\. \fB\-false\fR just skips the warning AND the confirmation\. Please note that there are conflicts where testssl\.sh will still ask for a confirmation which are the ones which would have a drastic impact on the results\. Almost any other decision will be made as a best guess by testssl\.sh\. The same can be achived by setting the environment variable \fBWARNINGS\fR\. . .P \fB\-\-openssl\-timeout \fR This is especially useful for all connects using openssl and practically useful for mass testing\. It avoids the openssl connect to hang for ~2 minutes\. The expected parameter \fB\fR instructs testssl\.sh to wait before the openssl connect will be terminated\. The option is only available if your OS has a timeout binary installed\. As there are different implementations of \fBtimeout\fR: It automatically calls the binary with the right parameters\. diff --git a/doc/testssl.1.md b/doc/testssl.1.md index f9684ba..2cb2a40 100644 --- a/doc/testssl.1.md +++ b/doc/testssl.1.md @@ -204,7 +204,7 @@ If the server provides no matching record in Subject Alternative Name (SAN) but ### OUTPUT OPTIONS -`--warnings ` The warnings parameter determines how testssl.sh will deal with situations where user input will normally be necessary. There are a couple of options here. `batch` doesn't wait for a confirming keypress. This is automatically being chosen for mass testing (`--file`). `-false` just skips the warning AND the confirmation. Please note that there are conflicts where testssl.sh will still ask for confirmation. Those are ones which would have a drastic impact on the results. +`--warnings ` The warnings parameter determines how testssl.sh will deal with situations where user input normally will be necessary. There are a couple of options here. `batch` doesn't wait for a confirming keypress. This is automatically being chosen for mass testing (`--file`). `-false` just skips the warning AND the confirmation. Please note that there are conflicts where testssl.sh will still ask for a confirmation which are the ones which would have a drastic impact on the results. Almost any other decision will be made as a best guess by testssl.sh. The same can be achived by setting the environment variable `WARNINGS`. `--openssl-timeout ` This is especially useful for all connects using openssl and practically useful for mass testing. It avoids the openssl connect to hang for ~2 minutes. The expected parameter `` instructs testssl.sh to wait before the openssl connect will be terminated. The option is only available if your OS has a timeout binary installed. As there are different implementations of `timeout`: It automatically calls the binary with the right parameters. diff --git a/testssl.sh b/testssl.sh index ea9d0ac..4d09f89 100755 --- a/testssl.sh +++ b/testssl.sh @@ -11587,7 +11587,7 @@ tuning / connect options (most also can be preset via environment variables): --sneaky leave less traces in target logs: user agent, referer output options (can also be preset via environment variables): - --warnings "batch" doesn't wait for keypress, "off" or "false" skips connection warning + --warnings "batch" doesn't ask for a confirmation, "off" or "false" skips connection warnings --openssl-timeout useful to avoid hangers. to wait before openssl connect will be terminated --quiet don't output the banner. By doing this you acknowledge usage terms normally appearing in the banner --wide wide output for tests like RC4, BEAST. PFS also with hexcode, kx, strength, RFC name